Friday, 7 September 2012

Detect It!

“Often the difference between a successful person and a failure is not one has better abilities or ideas, but the courage that one has to bet on one’s ideas, to take a calculated risk – and to act.”
-Andre Malraux-


In an effort to face risk, risk detection is perhaps the most important element; addressing it contributes to enhancing prospects for all the others. Effective risk detection would result in timely detection of emerging risks. It should also enhance risk management and, further, lead to increasing confidence among individuals and societies to be ready to take on risk, undermining the growing risk aversion.

The current economic turmoil is a consequence of malfunctioning risk detection on the part of policy makers and those playing at the expense of such faulty risk detection. It cannot be denied that the 2008 financial crunch, triggered by the US sub-prime market, led to the so-called ‘inevitable recession’ (economic cycles are a characteristic of capitalism). Given the sphere of influence of the United States, it spread more rapidly than a fire, and remains prominent still, moving from one part of the global economy to another, creating crisis after crisis. Effective risk detection could have spared the world its current plight.

However, it is often argued that a risk of downturn had been detected and forecasted by several individuals and entities long before it actually occurred. Hence, the economic crisis was a result of gross negligence on the part of the regulators. But my answer to them is that the cause of such negligence was again faulty risk detection. This is so because whatever risks had been detected, detection failed to portray the intensity of the germinating crisis. The regulators would certainly have listened to these independent pleas had they been shown, then, a trailer of the current global economic state. But again, the question is, ‘Did we have the ability then to detect risk that way? If no, then have we acquired it now?’ and if the answer is a ‘No!’ again, then, ‘What needs to be done and what are we doing to take risk detection to that level?’

What is risk detection?

Risk can be defined as a situation involving exposure to a danger or loss, while detection can be defined as the action or process of identifying the presence of something concealed.[1] Hence, together, risk detection can be defined as the action or process of identifying the presence of something concealed, where that something refers to situations involving exposure to a danger or loss. Risk detection is performed at various levels of society by diverse groups, to varying extents and at different time intervals. Within organisations, scenario planning and a vast range of forecasting methods, support systems and structures define the level, extent and time of risk detection.

What is the role of scenario planning and forecasting methods? Who is or should be responsible for these aspects in the organisation?

Scenario planning helps organisations formulate long-term plans based on known assumptions and helps identify possible future performance, taking account of perceived uncertainties and risks. It provides an extremely useful method for applying a proactive approach to any unwelcome circumstances likely to occur in the future.

Forecasting methods, on the other hand, complement scenario planning by providing the planners with data analysis techniques and enabling interpretations and deductions about future events based on results generated by processing the available data. Their role is as significant to risk detection as a calculator is to performing calculations. Who is responsible for these aspects in organisations varies from case to case.

However, in my opinion, the primary responsibility for detecting risks shall lie with the strategy formulators in the organisation and with decision makers at junior levels. A common and more structured way is to have risk detection delegated to a separate risk management team reporting directly to the top leaders. But such a practice needs revision.

Risk management should be an enterprise-wide exercise and engrained in the business culture of the organisation.[2] An organisation today needs to add risk detection to the job role of every team member, and train them to perform it at intervals expedient to their operations. This would result in timely detection of risks at the lowest levels possible, which at times the top management cannot reach.

In some cases, risk could be managed by junior team members at the point of detection, reducing significant costs annually and empowering them too. Significant preliminary findings, requiring more sophisticated solutions, ought to be reported to the risk-management team, and thereafter, dealt with appropriately.  

Moreover, organisations should ensure that their employees see risk as a threat which exists everywhere. The key to successful enterprise risk management practices depends on the behavioural attributes of the organisation at all levels.[3] Organisations need to invest in providing for the right behavioural attributes across the organisation, advocating standard detection and reporting procedures to be followed. This will widen the scope of risk detection internally and, to an extent, externally, beyond the perceived scope of the risk detection teams.

Perceived risks should be seen as traditional risks only, and those beyond them should be identified by incorporating risk detection as part of the organisations’ overall and specific strategies. Often organisations fail to respect specific strategic risks. Risk is a function of how poorly a strategy will perform if the ‘wrong’ scenario occurs.[4] The what-if analysis and management information systems need to have the dimensions to deal with situations where scenario planning might fail altogether.

In addition, organisations should evaluate their dealings on a regular basis at different levels so that timely risk detection is ensured. Better management of decision-making processes within British Petroleum (BP) and other companies, better communication within and between BP and its contractors, and effective training of key engineering and rig personnel would have prevented the Macondo incident[5] (Deepwater Horizon Oil Spill 2010). Organisations should therefore keep assessing their activities not only in terms of numbers but quality as well. Organisation-wide support systems should be equipped to handle such anomalies on a timely basis before they get worse.

How should the detection of risks be addressed in an increasingly complex and interconnected global landscape?

Effective risk detection in the current global landscape is achievable by virtue of comprehensive and meaningful coverage. Organisations and leaders need to be mindful not only of what’s on paper but also of what might have an influence on the organisation due to their positions. Competitors who might innovate better substitutes and steal away your market, or greed which might force you to touch the depth of the ocean by two feet, are all potent sources of risk. Hence, anything beyond the usual should not be ignored.

My efforts after school on risk detection helped me find a model approach to get full coverage of the scenarios. Accordingly, organisations should address risk detection using a Troika Approach, breaking the process of risk detection into three phases:

a. Internal
b. External Sphere of Influence
c. Beyond Sphere of Influence

In phase A, organisations apply risk detection procedures to areas specifically vulnerable in the organisation and at the overall organisation level. The risk-management teams, in addition to addressing risk detection at different levels and managing it, must also research the likely sources of risk internally. This phase includes the points I have discussed earlier, under the role of scenario planning and forecasting methods and those responsible for them.

In phase B, organisations should extend risk detection to areas which are outside it but which the organisation’s actions could influence (depending upon the significance of such influence). These would include the local community and the environment etc. 

In phase C, risk detection should focus on events and circumstances beyond the organisation’s control but which have an influence (depending upon the significance of such influence) on the organisation and the achievement of its goals (short-term or long-term). They would normally include government policies, legislative changes, political changes, national security and competitor practices etc.

Furthermore, the Troika Approach should also be applicable in politics and the state. Phase A should then refer to the government or the state depending on the case, while Phase B should refer to international influence or national influence outside the government machinery, and Phase C shall certainly refer to the international forces and influences brought in from outside.

Moreover, organisations like the United Nations, International Monetary Fund, the European Commission and interest groups, should make collective efforts for establishing a global board for risk detection standards and procedures. The board should frame standards and procedures which the organisations and governments must follow to achieve adequate and timely risk detection. Legislative support to such standards should ensure proper compliance around the world and reduce economic disasters, in particular.

Inherent Limitations

Risk is chemistry, it’s not particle physics. You cannot separate the risks.[6] Risk detection is mostly based upon perceived practices and procedures. It is impracticable to know all the risks and be able to separate one from another. Even though risk detection is not necessarily sample-based, it still cannot provide complete relief. The most we can do is to ensure as wide a scope of risk detection as possible within the given resources. Still, undetected risks may lead to material consequences.

Also, risk detection is extremely expensive because it requires employing highly sophisticated and technical personnel and systems, and also requires extensive research activity. All of them carry a significant cost burden. Large organisations with sufficient resources may afford it; smaller ones cannot!

Consequently, detectable risks often lead to the failure of these organisations because they could not detect them owing to the cost and technicalities involved. This could be devastating in such crunch times because I believe that smaller entities are significant to growth in society by virtue of their adaptability and their potential to grow into larger organisations in future. They are also seen as being that part of the economy which adds the most jobs every year in some of the major economies of the world.

Moreover, awareness about risk is another limitation. In countries like Pakistan with low literacy rates and improper business practices, organisations with turnovers worth millions at times run without any risk detection processes at all! Therefore, policy makers in such countries must initiate and manage risk detection facilities, funded by public-private partnership for the benefit of such vulnerable but significant groups of the economy, making it accessible and affordable for all groups to face risk.

Such facilities should also run risk awareness programs and workshops to educate the business classes of the significance of risk detection to their businesses. Enterprise risk management is no panacea, and I know some people who question whether it really exists. But anything that gets people and the institutions they’ve built to look at risk from multiple angles, with an eye to building value, is a most welcome thing.[7]

Politically, risk detection (in terms of the state) is subject to the integrity of the politicians driven by self-interest. They might at times go away with detected risks, at the expense of national interest as well. In countries like Pakistan, Bangladesh, and India, where good governance is still a luxury and where the people lack empowerment, politics and the governments are dominated by personal and support group ambitions. They are extremely negligent about risk detection of any sort, let alone able to be relied upon to face risk proactively.

Finally, the current era being an era of technological influence on decision makers, neither will reliance on technology always yield useful results nor would it, in my opinion, lead to greater improvement of detection methodologies. Improvement by virtue of technology will remain limited because technology requires certain parameters within which it can be effective and efficient, whereas risk detection is something far more abstract, diverse, open, and complicated. In order to make technology’s role more effective, one needs to develop such parameters, to be more dynamic by innovating more effective techniques for risk detection and striving to increase our understanding of the scenario.

“This awful catastrophe is not the end but the beginning. History does not end so. It is the way its chapters open.” -St. Augustine-

[1] Oxford English Dictionary
[2] OSFI Superintendent Julie Dickson, June 1, 2011
[3] RIMS-The Risk Management Society
[4] Michael Porter, Competitive Advantage
[5] Broder, John M. (January 5, 2011). "Blunders Abounded Before Gulf Spill, Panel Says", New York Times
[6] Enterprise Risk Management, (Chapter 5, Becoming the Lamp Bearer by Annette Mikes)
[7] Mark A Hofmann